import { type AuthErrors } from "../../confluent/oauth/errors.js"; import type { Auth0Config, ConfluentTokenSet } from "../../confluent/oauth/types.js"; /** * Owns one user's Confluent OAuth lifecycle — token state plus the * transformations that advance it. Internal state advances via atomic * transform functions under {@link AuthContext.updateTokens} so each step is * atomic and no caller mutates the token set directly. */ export declare class AuthContext { private readonly auth0Config; private internalTokens; private cleared; private refreshTimer; private inflightRefresh; private errors; private failedRefreshAttempts; private constructor(); /** Runs the auth code → CP → DP chain and wraps the result in a context. */ static newFromInitialLogin(auth0Config: Auth0Config, authCode: string, codeVerifier: string): Promise; /** Build a context from an already-acquired token set. */ static fromTokens(auth0Config: Auth0Config, tokens: ConfluentTokenSet): AuthContext; /** Opaque access token — stable across refreshes. */ get accessToken(): string; /** * Current control-plane bearer token, or `undefined` if the context is * cleared or the CP token has expired. Call this immediately before each * API request — don't cache the returned string across awaits. */ getControlPlaneToken(): string | undefined; /** * Current data-plane bearer token, or `undefined` if the context is * cleared or the DP token has expired. Same usage guidance as * {@link getControlPlaneToken}. */ getDataPlaneToken(): string | undefined; /** * Readonly view of current auth-lifecycle errors. Consumers check this to decide * whether to prompt re-auth (when a non-transient error has been flagged). */ getErrors(): Readonly; /** True when the refresh token is no longer usable (expired or cleared). */ refreshTokenExpired(now?: number): boolean; /** * Pure predicate: should the refresh loop call `refresh()` on this context * right now? True when the refresh token is still live, no non-transient * error has been recorded, and the CP token is within the refresh window. */ shouldAttemptRefresh(now?: number): boolean; /** * Rotate the refresh token, then derive new CP and DP tokens. The rotated * refresh token is persisted before the CP/DP leg so a phase-2 failure * leaves the context with a valid (fresh) refresh token. The next scheduler * tick still re-rotates (we don't cache the id_token across ticks), but the * session isn't bricked by a partial failure. * * Single-flight: concurrent callers (e.g., the refresh loop + an explicit * tool-triggered call) await the same in-flight promise. Refresh tokens are * single-use, so overlapping calls would burn the same token. */ refresh(): Promise; private doRefresh; /** * Records a refresh failure on the context. A failure is transient unless * its message matches a known-permanent signal, or the consecutive failure * counter hits {@link MAX_CONSECUTIVE_TRANSIENT_FAILURES}. A non-transient * record flips `shouldAttemptRefresh` to `false` until the context is * cleared / re-authenticated. */ private recordRefreshError; /** * Mark this context as cleared — subsequent `refresh()` is a no-op, any * running refresh loop is stopped, and the accessors (`getControlPlaneToken`, * `getDataPlaneToken`) return `undefined`. Internal state is not exposed to * consumers, so no field scrubbing is needed. */ clear(): void; /** * Starts a background loop that refreshes the CP/DP token pair just before * the CP token expires. The loop self-reschedules: each fire sets the next * `setTimeout` at `controlPlaneExpiresAt - REFRESH_WINDOW_MS` from the * post-refresh state, so the schedule tracks the actual token expiry. */ startRefreshLoop(): void; private scheduleNextRefresh; /** Stops the background refresh loop. Safe to call even if not started. */ stopRefreshLoop(): void; /** * Applies a named transform to the token set. Each transform returns a * whole new {@link ConfluentTokenSet}; callers never mutate the state * directly. */ private updateTokens; } //# sourceMappingURL=auth-context.d.ts.map